Arming for Virtual Battle: The Dangerous New Rules of Cyberwar

April 7, 2013

Page 2 of 6

Two years ago, the Pentagon clarified where this could lead, when it stated that anyone who attempted to shut down the electric grid in the world's most powerful nation with a computer worm could expect to see a missile in response.

A Private Digital Infrastructure

The risks of a cyberwar were invoked more clearly than ever in Washington in recent weeks. In mid-March, Obama assembled 13 top US business leaders in the Situation Room in the White House basement, the most secret of all secret conference rooms. The group included the heads of UPS, JPMorgan Chase and ExxonMobil. There was only one topic: How can America win the war on the Internet?

The day before, Director of National Intelligence James Clapper had characterized the cyber threat as the "biggest peril currently facing the United States."

The White House was unwilling to reveal what exactly the business leaders and the president discussed in the Situation Room. But it was mostly about making it clear to the companies how threatened they are and strengthening their willingness to cooperate, says Rice University IT expert Christopher Bronk.

The president urgently needs their cooperation, because the US has allowed the laws of the market to govern its digital infrastructure. All networks are operated by private companies. If there is a war on the Internet, both the battlefields and the weapons will be in private hands.

This is why the White House is spending so much time and effort to prepare for possible counterattacks. The aim is to scare the country's enemies, says retired General James Cartwright, author of the Pentagon's current cyber strategy.

Responsible for that strategy is the 900-employee Cyber Command at the Pentagon, established three years ago and located in Fort Meade near the National Security Agency, the country's largest intelligence agency. General Keith Alexander heads both organizations. The Cyber Command, which is expected to have about 4,900 employees within a few years, will be divided into various defensive and offensive "Cyber Mission Forces" in the future.

Wild West Online

It's probably no coincidence that the Tallinn manual is being published now. Developed under the leadership of US military lawyer Michael Schmitt, NATO representatives describe the manual as the "most important legal document of the cyber era."

In the past, Schmitt has examined the legality of the use of top-secret nuclear weapons systems and the pros and cons of US drone attacks. Visitors to his office at the Naval War College in Rhode Island, the world's oldest naval academy, must first pass through several security checkpoints.

"Let's be honest," says Schmitt. "Everyone has treated the Internet as a sort of Wild West, a lawless zone. But international law has to be just as applicable to online weapons as conventional weapons."

It's easier said than done, though. When does malware become a weapon? When does a hacker become a warrior, and when does horseplay or espionage qualify as an "armed attack," as defined under international law? The answers to such detailed questions can spell the difference between war and peace.